Suspected Malware infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by Ratagin » September 22nd, 2011, 1:33 am

Hello everybody,

About 1 week ago I noticed my computer becoming dreadfully slow: it would pause for 10-20 seconds while opening a program or running a memory-intensive operation, and then all of a sudden it would instantly finish, like the computer was trying to play catch-up. I looked at the running processes and found a mysqld.exe file that was consuming 95% of my CPU resources. I talked to some friends in a video game forum and they helped me get rid of mysqld.exe and some files related to Dell Remote Access that was screwing things up (this is where mysqld.exe is located), and things seemed to get a lot faster. However, in the midst of all this I was downloading Spybot, Malwarebytes, PcDoctor, etc., and they were finding some trojans, and programs like RegistryBooster were telling me I had tons of registry problems. Things are still not as fast as they once were, but much better now that mysqld.exe is gone. For some reason there are all these svchost.exe files as well... not sure what they are actually doing. I heard from the aforementioned friends about this help forum and decided to poke my head in! See below for the dds.txt and attach.txt logs, which were not done in safe mode... should they be? The directions didn't seem to mention safe mode was necessary. Thanks in advance for the help! :cheers:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Matt at 1:17:47 on 2011-09-22
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3545.1443 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\sminst\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110917212146.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell PC TuneUp Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
mRunOnce: [SMRequiresRestart]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A414F2D-7DF2-4AE0-A070-24B0B179E9CB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A07D3217-8717-4CCB-9A0A-20CC1ED7A59E} : DhcpNameServer = 68.87.64.230 68.87.66.234
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\9pfopnr9.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-12 461864]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-5-20 20392]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-12 64712]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-12 164776]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-5-20 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-20 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-20 600944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-1 88176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-12 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-12 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-12 148520]
R2 SftService;SoftThinks Agent Service;c:\windows\sminst\SftService.exe [2009-5-20 632048]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2008-1-20 21504]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-12 57432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-5-20 144128]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-12 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-12 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-12 338040]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dsl-db;Remote Access DB;"c:\program files\common files\dell\mysql\bin\mysqld.exe" "--defaults-file=c:\program files\common files\dell\mysql\my.ini" dsl-db --> c:\program files\common files\dell\mysql\bin\mysqld.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-26 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-5-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-5-20 79360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-26 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-12 87808]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-5-20 79360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown 0002661316658716mcinstcleanup;0002661316658716mcinstcleanup; [x]
SUnknown Apache2.2;Apache2.2; [x]
SUnknown dsl-fs-sync;dsl-fs-sync; [x]
SUnknown scitegic_apache_1;scitegic_apache_1; [x]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-09-21 06:07:25 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-21 04:33:35 -------- d-----w- c:\programdata\PC Tools
2011-09-21 03:53:24 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-21 03:34:11 98816 ----a-w- c:\windows\sed.exe
2011-09-21 03:34:11 518144 ----a-w- c:\windows\SWREG.exe
2011-09-21 03:34:11 256000 ----a-w- c:\windows\PEV.exe
2011-09-21 03:34:11 208896 ----a-w- c:\windows\MBR.exe
2011-09-21 03:34:03 -------- d-----w- C:\ComboFix
2011-09-21 02:48:05 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2011-09-21 02:48:01 -------- d-----w- c:\programdata\Malwarebytes
2011-09-21 00:58:45 -------- d-----w- c:\users\matt\appdata\local\PackageAware
2011-09-20 05:45:13 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{818a16f4-a15f-4ef9-8419-05d0fac6cfe0}\mpengine.dll
2011-09-18 01:21:46 28504 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2011-09-15 23:32:10 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-04 19:03:17 61440 ----a-w- c:\windows\diabunin.exe
2011-09-04 19:03:16 -------- d-----w- C:\Diablo
2011-08-25 22:26:57 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 1:18:08.65 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 5/20/2009 9:33:35 AM
System Uptime: 9/21/2011 5:31:35 PM (8 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2535/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 131.341 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 6.555 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP685: 9/21/2011 11:26:50 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Bing Bar
BitTorrent
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
D3DX10
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell PC TuneUp
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
DELL0703
Diablo
Diablo II
EPSON NX210 Series Printer Uninstall
EverQuest Titanium
Foxit Reader
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Igor Pro
Integrated Webcam Driver (1.02.01.0320)
Intel® Matrix Storage Manager
ISI ResearchSoft - Export Helper
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
KaleidaGraph 4.1
Live! Cam Avatar Creator
Marvell Miniport Driver
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MiKTeX 2.8
Move Media Player
Mozilla Firefox (3.6.12)
MSVCRT
OGA Notifier 2.0.0048.0
Origin 7.5
PowerDVD DX
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype™ 4.2
Sound Blaster X-Fi MB
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Ventrilo Client
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinEdt 6
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/21/2011 6:15:45 PM, Error: Service Control Manager [7034] - The scitegic_apache_7_5_2 service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 5:33:36 PM, Error: Service Control Manager [7038] - The dsl-fs-sync service was unable to log on as .\RA Media Server with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/21/2011 5:33:36 PM, Error: Service Control Manager [7038] - The Apache2.2 service was unable to log on as .\RA Media Server with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/21/2011 5:33:36 PM, Error: Service Control Manager [7000] - The Remote Access Media Server service failed to start due to the following error: The service did not start due to a logon failure.
9/21/2011 5:33:36 PM, Error: Service Control Manager [7000] - The Remote Access File Sync Service service failed to start due to the following error: The service did not start due to a logon failure.
9/21/2011 5:33:36 PM, Error: Service Control Manager [7000] - The Remote Access DB service failed to start due to the following error: The system cannot find the path specified.
9/21/2011 3:49:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).
9/21/2011 3:38:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
9/21/2011 3:28:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
9/21/2011 3:17:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2533523).
9/21/2011 2:58:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd Tcpip tdx Wanarpv6
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The scitegic_apache_7_5_2 service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Remote Access Media Server service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2011 2:58:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/21/2011 2:58:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/21/2011 2:57:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/21/2011 2:57:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/21/2011 2:57:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/21/2011 2:57:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/21/2011 2:56:43 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
9/21/2011 2:54:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error: An instance of the service is already running.
9/21/2011 2:52:06 AM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/21/2011 2:51:23 AM, Error: Service Control Manager [7034] - The Remote Access Media Server service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 2:50:51 AM, Error: Service Control Manager [7034] - The Remote Access File Sync Service service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 2:35:25 AM, Error: Service Control Manager [7034] - The Remote Access DB service terminated unexpectedly. It has done this 1 time(s).
9/21/2011 2:07:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
9/21/2011 2:06:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/21/2011 2:04:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElRawDisk mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy PCTSD PSched RasAcd rdbss Smb spldr sptd Tcpip tdx Wanarpv6 ws2ifsl
9/21/2011 2:01:21 AM, Error: Service Control Manager [7024] - The scitegic_apache_7_5_2 service terminated with service-specific error 1 (0x1).
9/21/2011 12:55:24 AM, Error: PCTCore [280] -
9/21/2011 12:32:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
9/21/2011 12:31:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ElRawDisk spldr sptd Wanarpv6
9/21/2011 12:30:51 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21
9/20/2011 9:40:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
9/20/2011 12:13:53 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2011 12:13:53 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2011 12:13:52 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 12:13:52 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 11:50:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/20/2011 11:46:18 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0025560F5A50 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/20/2011 11:39:37 PM, Error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 2 time(s).
9/20/2011 11:39:14 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 11:39:14 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 11:38:10 PM, Error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
9/20/2011 11:35:49 PM, Error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).
9/20/2011 11:35:49 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 11:35:49 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2011 11:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
9/20/2011 10:55:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
9/19/2011 7:40:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070050: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2533523).
9/19/2011 7:37:36 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/17/2011 12:29:44 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/17/2011 12:29:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/17/2011 12:18:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
Ratagin
Regular Member
 
Posts: 28
Joined: September 21st, 2011, 8:53 pm

Re: Suspected Malware infection

Post by askey127 » September 25th, 2011, 7:01 am

Hi Ratagin,
If you use a Registry Cleaner/Booster/Optimizer, etc. you could trash your system.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program BitTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

BitTorrent
McAfee Security Scan Plus
Java(TM) 6 Update 26

Take extra care in answering questions posed by any Uninstaller.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we are looking for the log from TDSSKiller. Also please tell me how this machine interacts with George Mason.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
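
For reviewing the log that steps 5 and 6 ask for, here is an added example (not part of askey127's post and not Kaspersky's code) that parses the TDSSKiller line format seen in this thread and lists entries whose verdict is anything other than "ok", plus entries that carry a verdict but no hash/path line. The sample input is constructed: `exampledrv` and its `warning` verdict are made up, and reading a missing hash line as "no driver file was hashed" is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format TDSSKiller writes: time, thread id, then
# either "name (md5) path" or "name - verdict". The ACPI and catchme entries
# are modelled on lines in this thread; "exampledrv" is hypothetical.
SAMPLE_LOG = r"""
20:10:26.0577 0936 Scan started
20:10:27.0902 0936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:10:27.0907 0936 ACPI - ok
20:10:32.0664 0936 catchme - ok
20:10:33.0000 0936 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
20:10:33.0005 0936 exampledrv - warning
"""

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when no "name (md5) path" line preceded the verdict
    path: Optional[str] = None


def parse_log(text: str) -> list:
    """Pair each 'name (md5) path' line with the 'name - verdict' line that follows it."""
    entries = []
    pending = {}  # name -> (md5, path) seen but not yet given a verdict
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banners, separators and blank lines carry no entry
        body = line["body"]
        file_rec = FILE_RE.match(body)
        if file_rec:
            pending[file_rec["name"]] = (file_rec["md5"].lower(), file_rec["path"])
            continue
        verdict = VERDICT_RE.match(body)
        if verdict:
            md5, path = pending.pop(verdict["name"], (None, None))
            entries.append(Entry(verdict["name"], verdict["verdict"].strip(), md5, path))
    return entries


def triage(entries: list) -> dict:
    """Split out what a helper reads first instead of scrolling past every 'ok'."""
    return {
        # Any verdict other than "ok" needs a human look; no verdict names are assumed.
        "not_ok": [e for e in entries if e.verdict.lower() != "ok"],
        # Assumption: a verdict with no hash line means no driver file was hashed.
        "no_file": [e for e in entries if e.md5 is None],
    }


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for e in result["not_ok"]:
        print(f"REVIEW  {e.name}: {e.verdict} ({e.path})")
    for e in result["no_file"]:
        print(f"NOFILE  {e.name}: verdict '{e.verdict}' with no file record")
```

An entry in the `no_file` list is not a detection by itself; it only marks a service to cross-check against the other logs in the thread.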

Re: Suspected Malware infection

Post by Ratagin » September 26th, 2011, 8:19 pm

Ratagin wrote: Copy and paste the contents of that file in your next reply.



20:09:59.0578 5196 TDSS rootkit removing tool 2.6.1.0 Sep 26 2011 09:21:32
20:10:01.0019 5196 ============================================================
20:10:01.0019 5196 Current date / time: 2011/09/26 20:10:01.0019
20:10:01.0019 5196 SystemInfo:
20:10:01.0019 5196
20:10:01.0019 5196 OS Version: 6.0.6002 ServicePack: 2.0
20:10:01.0019 5196 Product type: Workstation
20:10:01.0019 5196 ComputerName: MATT-PC
20:10:01.0020 5196 UserName: Matt
20:10:01.0020 5196 Windows directory: C:\Windows
20:10:01.0020 5196 System windows directory: C:\Windows
20:10:01.0020 5196 Processor architecture: Intel x86
20:10:01.0020 5196 Number of processors: 2
20:10:01.0020 5196 Page size: 0x1000
20:10:01.0020 5196 Boot type: Normal boot
20:10:01.0020 5196 ============================================================
20:10:02.0596 5196 Initialize success
20:10:26.0577 0936 ============================================================
20:10:26.0577 0936 Scan started
20:10:26.0577 0936 Mode: Manual;
20:10:26.0577 0936 ============================================================
20:10:27.0902 0936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:10:27.0907 0936 ACPI - ok
20:10:28.0025 0936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:10:28.0068 0936 adp94xx - ok
20:10:28.0201 0936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:10:28.0206 0936 adpahci - ok
20:10:28.0355 0936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:10:28.0376 0936 adpu160m - ok
20:10:28.0481 0936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:10:28.0485 0936 adpu320 - ok
20:10:28.0606 0936 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:10:28.0611 0936 AFD - ok
20:10:28.0827 0936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:10:28.0828 0936 agp440 - ok
20:10:28.0867 0936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:10:28.0869 0936 aic78xx - ok
20:10:29.0008 0936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:10:29.0010 0936 aliide - ok
20:10:29.0105 0936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:10:29.0123 0936 amdagp - ok
20:10:29.0247 0936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:10:29.0248 0936 amdide - ok
20:10:29.0363 0936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:10:29.0365 0936 AmdK7 - ok
20:10:29.0676 0936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:10:29.0678 0936 AmdK8 - ok
20:10:29.0956 0936 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:10:29.0982 0936 ApfiltrService - ok
20:10:30.0273 0936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:10:30.0275 0936 arc - ok
20:10:30.0345 0936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:10:30.0348 0936 arcsas - ok
20:10:30.0505 0936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:10:30.0507 0936 AsyncMac - ok
20:10:30.0809 0936 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
20:10:30.0811 0936 atapi - ok
20:10:30.0995 0936 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
20:10:30.0996 0936 BCM42RLY - ok
20:10:31.0209 0936 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:10:31.0244 0936 BCM43XX - ok
20:10:31.0347 0936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:10:31.0349 0936 Beep - ok
20:10:31.0408 0936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:10:31.0422 0936 blbdrive - ok
20:10:31.0550 0936 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:10:31.0565 0936 bowser - ok
20:10:31.0906 0936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:10:31.0920 0936 BrFiltLo - ok
20:10:32.0009 0936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:10:32.0011 0936 BrFiltUp - ok
20:10:32.0099 0936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:10:32.0101 0936 Brserid - ok
20:10:32.0216 0936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:10:32.0218 0936 BrSerWdm - ok
20:10:32.0279 0936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:10:32.0280 0936 BrUsbMdm - ok
20:10:32.0475 0936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:10:32.0476 0936 BrUsbSer - ok
20:10:32.0603 0936 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:10:32.0604 0936 BTHMODEM - ok
20:10:32.0664 0936 catchme - ok
20:10:32.0791 0936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:10:32.0814 0936 cdfs - ok
20:10:32.0879 0936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:10:32.0883 0936 cdrom - ok
20:10:32.0983 0936 cfwids (142e4e00ad91600a2d20692ed52fafc8) C:\Windows\system32\drivers\cfwids.sys
20:10:32.0984 0936 cfwids - ok
20:10:33.0033 0936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:10:33.0035 0936 circlass - ok
20:10:33.0161 0936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:10:33.0165 0936 CLFS - ok
20:10:33.0315 0936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:10:33.0330 0936 CmBatt - ok
20:10:33.0428 0936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:10:33.0436 0936 cmdide - ok
20:10:33.0490 0936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:10:33.0505 0936 Compbatt - ok
20:10:33.0563 0936 cpuz132 - ok
20:10:33.0808 0936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:10:33.0809 0936 crcdisk - ok
20:10:33.0857 0936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:10:33.0871 0936 Crusoe - ok
20:10:34.0035 0936 CtClsFlt (281b2b60b5cb449bcf0474eecf73ebec) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:10:34.0038 0936 CtClsFlt - ok
20:10:34.0131 0936 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:10:34.0133 0936 DfsC - ok
20:10:34.0240 0936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:10:34.0241 0936 disk - ok
20:10:34.0350 0936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:10:34.0352 0936 drmkaud - ok
20:10:34.0603 0936 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:10:34.0614 0936 DXGKrnl - ok
20:10:34.0747 0936 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
20:10:34.0752 0936 e1express - ok
20:10:34.0809 0936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:10:34.0820 0936 E1G60 - ok
20:10:34.0930 0936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:10:34.0945 0936 Ecache - ok
20:10:35.0093 0936 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\elrawdsk.sys
20:10:35.0095 0936 ElRawDisk - ok
20:10:35.0211 0936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:10:35.0217 0936 elxstor - ok
20:10:35.0409 0936 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
20:10:35.0411 0936 ErrDev - ok
20:10:35.0649 0936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:10:35.0652 0936 exfat - ok
20:10:35.0698 0936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:10:35.0701 0936 fastfat - ok
20:10:35.0789 0936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:10:35.0791 0936 fdc - ok
20:10:35.0829 0936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:10:35.0831 0936 FileInfo - ok
20:10:35.0904 0936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:10:35.0915 0936 Filetrace - ok
20:10:36.0155 0936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:10:36.0170 0936 flpydisk - ok
20:10:36.0372 0936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:10:36.0376 0936 FltMgr - ok
20:10:36.0658 0936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:10:36.0660 0936 Fs_Rec - ok
20:10:36.0900 0936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:10:36.0902 0936 gagp30kx - ok
20:10:37.0135 0936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:10:37.0144 0936 HDAudBus - ok
20:10:37.0272 0936 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:10:37.0282 0936 HidBth - ok
20:10:37.0319 0936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:10:37.0321 0936 HidIr - ok
20:10:37.0423 0936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:10:37.0424 0936 HidUsb - ok
20:10:37.0536 0936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:10:37.0538 0936 HpCISSs - ok
20:10:37.0774 0936 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
20:10:37.0781 0936 HTTP - ok
20:10:37.0953 0936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:10:37.0954 0936 i2omp - ok
20:10:37.0994 0936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:10:38.0011 0936 i8042prt - ok
20:10:38.0144 0936 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
20:10:38.0146 0936 iaStor - ok
20:10:38.0406 0936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:10:38.0446 0936 iaStorV - ok
20:10:38.0787 0936 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:10:38.0887 0936 igfx - ok
20:10:38.0991 0936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:10:38.0995 0936 iirsp - ok
20:10:57.0518 0936 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
20:10:57.0518 0936 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
20:10:57.0538 0936 sptd ( LockedFile.Multi.Generic ) - warning
20:10:57.0538 0936 sptd - detected LockedFile.Multi.Generic (1)
20:11:07.0388 0936 ============================================================
20:11:07.0388 0936 Scan finished
20:11:07.0388 0936 ============================================================
20:11:07.0398 4348 Detected object count: 1
20:11:07.0398 4348 Actual detected object count: 1
20:12:52.0422 4348 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:12:52.0423 4348 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:13:22.0793 4276 Deinitialize success

askey127 wrote: Also please tell me how this machine interacts with George Mason.


I have no idea who or what George Mason is, and I have no idea of any interaction with "George Mason"... completely confused about that!

Warm regards and thanks again,
Ratagin

Re: Suspected Malware infection

Post by askey127 » September 27th, 2011, 8:20 am

Ratagin,
Evidently your version of Zotero toolbar is downloaded from George Mason University.
You have quite a few errors from services, due to removing files without removing the related application program first.
Do you use GoToAssist?
Don't ever use any Registry Cleaner/Booster/Optimizer, etc. They don't really help much, and could trash your system.
------------------------------------------------------------
Download the latest version of Java Runtime Environment from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
In the first section on the page, labeled Java SE 7(JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline, and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop (or right-click and choose "Run as administrator" in Vista/Win7) and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.

When it finishes, you can remove the Installer from your desktop.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127

Re: Suspected Malware infection

Post by Ratagin » September 27th, 2011, 11:29 am

askey127 wrote: Evidently your version of Zotero toolbar is downloaded from George Mason University.


Ahh ok, Zotero is a very useful program I use for writing academic papers and keeping references organized... didn't know that it was from George Mason U.

Ratagin wrote:OTL.Txt



OTL logfile created on: 9/27/2011 11:17:41 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Matt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 50.94% Memory free
7.12 Gb Paging File | 5.61 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 121.86 Gb Free Space | 55.85% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.56 Gb Free Space | 44.75% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 11:14:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2011/09/26 20:32:18 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Matt\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/09/10 00:51:34 | 001,317,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/08/19 15:55:18 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/02/07 16:42:10 | 000,477,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/12/14 07:31:12 | 000,184,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2010/04/05 16:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 13:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/23 04:23:48 | 000,600,944 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) -- C:\Windows\sminst\SftService.exe
PRC - [2009/02/05 01:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/31 22:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 18:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 03:03:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/09/27 03:03:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/09/25 14:34:21 | 005,242,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/30 00:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/30 00:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2008/12/22 06:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (dsl-db)
SRV - [2011/08/19 15:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/08/19 15:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/08/19 15:55:18 | 000,166,024 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/06/23 15:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/26 11:30:32 | 000,822,104 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\temp\0032861317081084mcinst.exe -- (0032861317081084mcinstcleanup) McAfee Application Installer Cleanup (0032861317081084)
SRV - [2009/06/23 04:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/06/23 04:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/05/20 15:14:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/05/20 15:13:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/05/20 15:13:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/05/20 14:57:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/21 04:09:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk60x86.dll -- (yksvc)
SRV - [2009/02/23 10:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Windows\sminst\sftservice.EXE -- (SftService)
SRV - [2009/02/05 01:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/15 00:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 00:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/15 10:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/08/15 10:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/08/15 10:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/08/15 10:00:06 | 000,164,776 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/08/15 10:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/08/15 10:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/08/15 10:00:06 | 000,064,712 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/08/15 10:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/08/15 10:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/07/02 17:22:15 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/15 13:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/19 17:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/12/30 22:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008/12/22 06:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/15 00:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-245273635-629929200-1524352486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-245273635-629929200-1524352486-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.8
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Matt\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/09/26 19:48:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/23 12:27:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/23 12:27:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Matt\AppData\Roaming\Move Networks [2009/11/08 20:40:43 | 000,000,000 | ---D | M]

[2010/01/29 17:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2011/06/28 10:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\9pfopnr9.default\extensions
[2010/05/01 04:06:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\9pfopnr9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/28 10:19:07 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\9pfopnr9.default\extensions\zotero@chnm.gmu.edu
[2011/06/28 10:19:05 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\9pfopnr9.default\extensions\zoteroWinWordIntegration@zotero.org
[2011/09/27 11:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/22 19:38:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/27 11:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/26 19:48:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/11/08 20:40:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MATT\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/09/27 11:12:58 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/28 23:45:17 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\14.0.835.186\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Matt\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Matt\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: SiteAdvisor = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\
CHR - Extension: Poppit = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/09/20 23:50:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110917212146.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-245273635-629929200-1524352486-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-245273635-629929200-1524352486-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-245273635-629929200-1524352486-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A414F2D-7DF2-4AE0-A070-24B0B179E9CB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A07D3217-8717-4CCB-9A0A-20CC1ED7A59E}: DhcpNameServer = 68.87.64.230 68.87.66.234
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 11:14:47 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2011/09/27 11:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/27 11:13:14 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/09/27 11:13:14 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/09/27 11:13:13 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/09/26 20:09:07 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2011/09/26 19:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/09/22 01:13:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2011/09/21 02:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/09/21 00:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/21 00:09:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/20 23:53:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/20 23:34:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/20 23:34:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/20 23:34:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/20 23:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/20 23:34:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/20 23:33:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/20 22:48:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2011/09/20 22:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/20 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\PackageAware
[2011/09/04 15:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2011/09/04 15:03:16 | 000,000,000 | ---D | C] -- C:\Diablo
[2009/07/23 22:56:24 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Matt\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/09/27 11:20:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 11:14:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2011/09/27 11:12:56 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/09/27 11:12:56 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/09/27 11:12:56 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/09/27 11:12:55 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/09/27 10:37:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-245273635-629929200-1524352486-1000UA.job
[2011/09/27 09:41:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 09:41:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 01:20:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/26 20:37:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-245273635-629929200-1524352486-1000Core.job
[2011/09/26 20:09:09 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2011/09/26 19:42:40 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/09/26 19:42:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/22 01:13:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.com
[2011/09/21 03:03:15 | 000,006,756 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2011/09/20 23:50:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/20 21:34:26 | 000,161,792 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/20 20:05:39 | 000,600,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/20 20:05:39 | 000,102,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/04 15:03:17 | 000,061,440 | ---- | M] () -- C:\Windows\diabunin.exe

========== Files Created - No Company Name ==========

[2011/09/20 23:34:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/20 23:34:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/20 23:34:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/20 23:34:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/20 23:34:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/04 15:03:17 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2011/03/29 00:41:56 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/06 15:43:27 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/08/08 23:15:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/10 17:40:01 | 000,029,239 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\UserTile.png
[2009/06/03 00:48:02 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/06/03 00:48:02 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/06/03 00:48:02 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/06/03 00:28:54 | 000,036,662 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009/06/01 20:56:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/01 20:56:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/01 18:08:08 | 000,161,792 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/01 14:35:19 | 000,006,756 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2009/05/20 17:25:43 | 002,026,604 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/05/20 17:25:43 | 000,445,796 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/05/20 17:25:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/05/20 17:25:43 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/05/20 17:22:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/20 15:35:35 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/05/20 15:14:29 | 000,005,051 | ---- | C] () -- C:\Windows\System32\cfgfx.ini
[2009/05/20 15:14:29 | 000,001,438 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2009/05/20 15:14:29 | 000,001,379 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2009/05/20 15:14:28 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/05/20 15:14:28 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/05/20 15:09:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/20 15:09:08 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/20 15:09:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/20 15:09:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/20 15:09:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/20 15:09:07 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/20 15:09:07 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/20 15:09:07 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/20 15:09:07 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/20 15:09:07 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/20 15:09:07 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/20 15:09:07 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/20 15:09:07 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/20 15:09:07 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/20 15:09:07 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/20 15:09:07 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/20 15:09:07 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/20 15:09:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/20 15:09:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/20 15:09:06 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/20 15:09:05 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/20 15:09:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/20 15:09:03 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/05/20 15:01:58 | 000,938,328 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2009/05/20 15:01:56 | 000,028,672 | ---- | C] () -- C:\Windows\System32\iolobtdfg.exe
[2009/05/20 15:01:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\smrgdf.exe
[2009/05/20 15:01:37 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/05/20 14:46:34 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/05/20 14:46:33 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/05/20 14:46:32 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/03 19:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,600,360 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,226 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/01/06 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Accelrys
[2009/07/08 04:07:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/02 17:34:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Pro
[2009/11/12 17:12:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\EndNote
[2011/05/20 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Foxit Software
[2009/06/24 01:40:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2009/06/01 01:53:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\iolo
[2009/07/03 12:02:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Nortel
[2010/04/08 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OriginLab
[2010/11/22 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Synergy Software
[2010/12/10 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WaveMetrics
[2009/08/10 00:30:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer
[2011/09/22 02:07:41 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/09/08 08:13:09 | 000,000,073 | ---- | M] ()(C:\Users\Matt\Desktop\??? (Matto).txt) -- C:\Users\Matt\Desktop\マット (Matto).txt
[2009/07/05 22:15:34 | 000,000,073 | ---- | C] ()(C:\Users\Matt\Desktop\??? (Matto).txt) -- C:\Users\Matt\Desktop\マット (Matto).txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Ratagin wrote: Extras.Txt.



OTL Extras logfile created on: 9/27/2011 11:17:41 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Matt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 50.94% Memory free
7.12 Gb Paging File | 5.61 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 121.86 Gb Free Space | 55.85% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.56 Gb Free Space | 44.75% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068EA105-B56E-4F7C-A182-08DFC7735BA2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{11D2BEF6-131D-4EB2-B51C-53D027994CE4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1B47BE13-EB62-4106-8268-34EB189E1569}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22E94344-014F-4608-A02B-9DAAC2147D0E}" = lport=58565 | protocol=17 | dir=in | name=canon capt port |
"{3CE299B6-CE25-44E6-986B-D361CEF027A6}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{50CF6DAA-C7E5-45AC-9FF0-08BD62355069}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{64A913E9-E139-4EFF-B1FC-B2622374F332}" = lport=49160 | protocol=17 | dir=in | name=canon capt port |
"{70A3FD56-BADA-4AB3-A87D-9632B8FED874}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8812A0A9-F552-4BBC-A975-325515AF66FB}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{97A6E656-0D58-42AB-B6DB-A1321D88FD34}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{B9050E24-A9D2-4B7D-AE8F-36DE7C36BFEC}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
"{C18B1C7C-66F1-4571-A4F0-751C56F7F45E}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{C9A3F225-3AB7-458F-950C-3F0F394B7D52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9FC5C4A-B16C-4169-B247-39CCD7290D6D}" = lport=52339 | protocol=17 | dir=in | name=canon capt port |
"{FD2480A3-BD0E-42DD-A035-8EBDF6B0F006}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07887844-5C6C-40E8-B4B1-9FB9548D5F1D}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{0AC7A56D-3C77-4020-B5F0-B1E7A0B4DA33}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{0D0BC997-8255-472B-9F17-5232BF57785C}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{129BAE4D-F6EC-4F39-9E9F-8CF3463A0BAB}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{13F3B811-BEC4-4EB8-8D9B-C3B3D8FA8725}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{14B132E3-5358-4C10-9110-34A0E996EBCC}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{15F9DD84-BF66-4156-B381-37689B73D925}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{213C9E28-0819-48CA-BA4A-B8CC91C46558}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{22E57129-2984-471E-BCE5-8C1C5B433902}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2887525F-48FF-46A9-A220-5D084A602A78}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2D7B13B9-EEB4-4779-983E-84A3C9BD5EA1}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{3630442B-F613-45C5-9CB1-A26E6AA1E1A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{36C60429-8ED8-47B0-B72A-AFCB4C44F125}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3907092C-7228-40CF-97C3-79D6EFC4D1BA}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{3DE44E95-1A7A-4B45-A29F-E313589C28CE}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{3F59981A-7145-48F4-A0B8-51AAA525E04F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4DBE7C61-A4FE-4B07-88A7-D4BFFF1352BA}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{51E1B345-5194-4448-A8E6-FE9353AE0588}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{562842F6-9066-4B78-A86B-85DB5DD990D0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{57552F43-CDAA-49DC-BC98-42E232A4EF00}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{584E3461-7202-4798-B8F3-5A42018EF7B1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{5B1765D5-C249-4567-9708-550EDE1498F7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{67F17879-425D-4FDF-BBD8-05B98FC2CE9D}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{6DC3080E-02E6-4291-B97A-6614000D64E3}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{73A9A0B8-8206-460E-95A8-FA84EBDC08BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{75C15470-5E12-415D-BF04-5F244BA4E581}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{806AFAEE-3372-4E52-BE20-AF998B557317}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8ECB84BE-58B3-43D5-90FE-4D8E4A47B9EF}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{9BC2A029-7B5C-442B-A416-5F950EA50268}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{A94E3432-DAAF-4FCA-8D6E-406D662B565C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9EED8AD-5B06-4DC3-9195-AAA76FF78F20}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{AB16218E-C17B-423B-8313-C75C93AF4855}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{AC916221-4911-47B3-A5EC-EC0C0FEE8454}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{C79F729A-A21E-447F-86D2-0147852ADB1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D244390B-A572-40CF-87BE-473A62F7396A}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{D7FDC1DD-91E2-48C5-8B60-527FA92FB816}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC1644E0-8E1B-48E6-9B69-0F1AC8E22590}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E113722A-D1E5-4351-969C-D3EA4A129D09}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E6D3576D-DABF-4277-A610-431E9E05B9C3}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{E7154F4B-4AA3-4F16-A476-83B585341BE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E87AACEA-53C6-4EFA-97F7-31A3F820BB8A}" = protocol=6 | dir=in | app=c:\users\matt\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F902292A-069D-4085-9EF7-8AB77899CE32}" = protocol=17 | dir=in | app=c:\users\matt\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FC72825A-33F6-40D5-A030-9C180C20BF21}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{FFE34703-2915-4B4E-91FF-8B4130AAFBE0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{0BDD3E01-1207-44E3-95F5-08AE4F430B9F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{74737357-2064-4BBD-8BE3-CD9D9AB27162}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25E81740-CA17-489E-A8B6-54319A1C4D41}}_is1" = Dell PC TuneUp
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32714287-4234-412A-877B-D33AFABFDE2B}" = EverQuest Titanium
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECE12161-B445-48FA-9056-FD54D8A72459}" = Origin 7.5
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Diablo" = Diablo
"Diablo II" = Diablo II
"EPSON NX210 Series" = EPSON NX210 Series Printer Uninstall
"Foxit Reader" = Foxit Reader
"GoToAssist" = GoToAssist 8.0.0.514
"Igor Pro" = Igor Pro
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KaleidaGraph 4.1" = KaleidaGraph 4.1
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee SecurityCenter
"ULTIMATER" = Microsoft Office Ultimate 2007
"WildTangent dell Master Uninstall" = WildTangent Games
"WinEdt 6" = WinEdt 6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-245273635-629929200-1524352486-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MiKTeX 2.8" = MiKTeX 2.8
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/21/2011 11:26:52 PM | Computer Name = Matt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 9/21/2011 11:26:53 PM | Computer Name = Matt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 9/22/2011 1:37:33 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 9/22/2011 1:37:33 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 9/22/2011 1:37:33 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 9/22/2011 1:37:33 AM | Computer Name = Matt-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 9/26/2011 7:42:37 PM | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 9/26/2011 7:42:34 PM | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 9/26/2011 7:42:34 PM | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 9/26/2011 7:43:20 PM | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 1/26/2010 12:31:41 AM | Computer Name = Matt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2470
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 1/30/2010 12:02:50 AM | Computer Name = Matt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/16/2010 10:58:45 PM | Computer Name = Matt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 307 seconds with 120 seconds of active time. This session ended with a crash.

Error - 7/23/2010 1:36:58 PM | Computer Name = Matt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/3/2010 3:20:40 PM | Computer Name = Matt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/13/2011 2:07:55 AM | Computer Name = Matt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 186
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/21/2011 5:33:36 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7038
Description =

Error - 9/21/2011 5:33:36 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/21/2011 6:15:45 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 9/26/2011 7:42:37 PM | Computer Name = Matt-PC | Source = DCOM | ID = 10005
Description =

Error - 9/26/2011 7:43:28 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/26/2011 7:43:28 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 9/26/2011 7:43:28 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 9/26/2011 7:43:28 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/26/2011 7:43:28 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2011 11:05:33 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

askey127 wrote:
Check the boxes labeled:
Scan All Users
LOP check
Purity check
Extra Registry > Use SafeList


Also, when running the OTL Scanner, I had all of the above checked. However, the default by the scanner also had Processes, Services, Drivers, and Standard Registry checked with "Use Safelist" so I left them as is. Also, File age was checked as 30 days, Standard Output and Files Created Within File Age and Files Modified Within File Age were all checked, as well as "Use No-Company-Name WhiteList".

askey127 wrote:
You have quite a few errors from services, due to removing files without removing the related application program first.
Do you use GoToAssist?


I don't have GoToAssist, and have never used it.

I hope this info helps!

Thanks again,
Ratagin
Last edited by Ratagin on September 27th, 2011, 11:37 am, edited 1 time in total.

Re: Suspected Malware infection

Unread postby Ratagin » September 27th, 2011, 11:34 am

Hi Askey,

I noticed that McAfee Security Center was reinstalled yesterday, which I did not do. It must auto-update/install on its own. This was one of the original programs you told me to get rid of along with bittorrent and java.

-Ratagin

Re: Suspected Malware infection

Unread postby askey127 » September 27th, 2011, 5:22 pm

Ratagin,
Please be very careful of the exact names. The program I asked you to get rid of was: McAfee Security Scan Plus
It is just junk adware.
Your McAfee Security Center is your Antivirus, and you would not normally remove it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.4.6
GoToAssist 8.0.0.514

Take extra care in answering questions posed by any Uninstaller.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.1 are vulnerable.
Go HERE and click on AdbeRdr1010_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
After the new Reader is installed, Open Adobe Reader X.
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
It is free for non-business use.
Please go here to the Download Location, click on Download in the Free column.
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

askey127

Re: Suspected Malware infection

Unread postby Ratagin » September 27th, 2011, 7:04 pm

askey127 wrote:
Please be very careful of the exact names. The program I asked you to get rid of was: McAfee Security Scan Plus
It is just junk adware.
Your McAfee Security Center is your Antivirus, and you would not normally remove it.

I think I made a mistake in my previous post. I believe I correctly got rid of McAfee Security Scan Plus and kept McAfee Security Center. Maybe the 9/26/2011 download date for McAfee Security Center was due to an update in the virus program? I just got confused in my previous post when I saw a McAfee product "installed" on 9/26 after I deleted McAfee Security Scan Plus several days ago.

askey127 wrote:
Go HERE and click on AdbeRdr1010_en_US.exe


This link (ftp://ftp//ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.0/en_US/) was broken, so I deleted ftp// and downloaded from ftp://ftp.adobe.com/pub/adobe/reader/wi ... 1.0/en_US/

askey127 wrote:
Malwarebytes Anti-Malware... and post the contents in your reply.



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7811

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/27/2011 6:56:01 PM
mbam-log-2011-09-27 (18-56-01).txt

Scan type: Quick scan
Objects scanned: 188458
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks again!
Ratagin
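
The Malwarebytes log format posted above, parsed into structured fields and cross-checked against its own summary counts. This is an added example, not part of the original thread or of Malwarebytes; the function names are hypothetical and the sample is a shortened, constructed copy of the layout that reuses the two registry lines from the log.

```python
import re
# Constructed sample: layout of the log above, cut down to two categories.
SAMPLE_LOG = r'''
Registry Data Items Infected: 2
Files Infected: 0

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
'''

SUMMARY_RE = re.compile(r"^([A-Za-z ]+) Infected: (\d+)$")
HEADER_RE = re.compile(r"^([A-Za-z ]+) Infected:$")
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> Bad: \((?P<bad>.*?)\) "
    r"Good: \((?P<good>.*)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detail lines) keyed by category name."""
    counts, details, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY_RE.match(line):
            counts[m[1]], current = int(m[2]), None
        elif m := HEADER_RE.match(line):
            current = m[1]
            details[current] = []
        elif not line:
            current = None  # a blank line ends the detail section
        elif current and line != "(No malicious items detected)":
            details[current].append(line)
    return counts, details

def registry_data_items(details):
    """Split each registry-data line into key, value name, bad and good data."""
    items = []
    for line in details.get("Registry Data Items", []):
        m = ENTRY_RE.match(line)
        if m:
            key, _, value = m["path"].rpartition("\\")
            items.append({"key": key, "value": value, **m.groupdict()})
    return items

def count_mismatches(counts, details):
    """Categories whose summary count differs from the entries listed."""
    return {c: (n, len(details.get(c, []))) for c, n in counts.items()
            if n != len(details.get(c, []))}
```

A non-empty result from `count_mismatches` means the pasted log was truncated or edited before posting, which is worth ruling out before relying on it.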

Re: Suspected Malware infection

Unread postby askey127 » September 29th, 2011, 7:37 am

Ratagin,
Has the speed improved?
How is it running?

askey127

Re: Suspected Malware infection

Unread postby Ratagin » September 29th, 2011, 10:10 am

askey127 wrote:
Ratagin,
Has the speed improved?
How is it running?

askey127


Indeed, things are much faster now. I have especially noticed an improvement in startup times for my computer. Also, when running task manager, the system resources are much more free. Things are a lot better. :D Is that the end?

-Ratagin

Re: Suspected Malware infection

Unread postby askey127 » September 29th, 2011, 2:42 pm

Ratagin,
I don't see any infections on your machine now.
I think you are good to go.
You can start OTL again and click on the "Clean Up" button. That will remove the tools we used.
Good luck.
askey127

Re: Suspected Malware infection

Unread postby Ratagin » September 29th, 2011, 6:37 pm

Great, thanks Askey! I plan on making a donation!

-Ratagin

Re: Suspected Malware infection

Unread postby askey127 » September 29th, 2011, 6:52 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.